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5 FAM 770 
FEDERAL WEB SITES 

(CT:IM-107; 06-09-2009) 
(Office of Origin: IRM/BPC/PRG) 

5 FAM 771 DEFINITION 

(TL:IM-33; 02-27-2002) 

Department Web sites created for both the general public and internal 
Department viewing are considered Federal Web sites. This includes Web 
sites on classified and unclassified networks. 



5 FAM 772 PRIVACY PRINCIPLES FOR 
FEDERAL WEBSITES 

5 FAM 772.1 Overall 

(CT:IM-107; 06-09-2009) 

a. Web site managers, Web page designers, and program offices must 
ensure that the privacy of personal information is protected. 

b. Federal Web sites must include a privacy policy statement, even if the 
site does not collect any information that results in creating a Privacy Act 
record. 

c. The Privacy Act of 1974 requires a privacy notice when collecting personal 
data from individuals that is stored in a system of records keyed to 
personal identifier or other identifying symbol assigned to an individual. 
The Privacy Act also limits the disclosure of personal information. 

d. Information placed on a Web site is subject to the same Privacy Act 
restrictions as when releasing non-electronic information. A privacy 
notice is required for the Web site as a whole to cover Web site issues 
such as logs, e-mails to the webmaster and other specific issues. Direct 
specific privacy questions to the Department's Privacy Act Office, 
A/G/S/IPS. 

e. The extent of the use of personally identifying information must be fully 
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disclosed and protections must be put in place to ensure information is 
used only within the expectations and understanding of the public. 
Information collected for one purpose may not be used for another 
purpose without notice to or consent of the subject of record. When 
gathering information from the public, security in the form of encryption 
and digital certificates must be integrated into the applications to the 
greatest extent possible. 

f. Information obtained to conduct system administration functions must be 
protected. System administrators must maintain the confidentiality of the 
contents of electronic communications and prevent disclosure of 
electronic communications to avoid being in violation of the Electronic 
Communications Privacy Act. 

g. All Federal Web sites and contractors, when operating on behalf of 
agencies, shall comply with the standards set forth in the Children's 
Online Privacy Protection Act of 1998 with respect to the collection of 
personal information online at Web sites directed to children. 

5 FAM 772.2 Links to Internet Web Sites 

(TL:IM-33; 02-27-2002) 

a. Internet to Internet— When linking from Department Internet Web pages 
to locations outside of Federal government domains, disclaimers must be 
added to advise the public that the Department is not responsible for and 
does not endorse the non-government organization. Suggested text, or 
its equivalent: "This site is produced and maintained by the [optional-list 
section, office or bureau] U.S. Department of State. Links to other sites 
are provided as a convenience and should not be construed as an 
endorsement of the views or products contained therein." 

b. Intranet to Internet— When linking from a Department intranet, such as 
OpenNet Plus, to an Internet location, a warning notice must be added to 
alert the user that the new location is outside the Department's private 
network. 

5 FAM 773 INTERNET WEB SITE HOSTING 

(TL:IM-33; 02-27-2002) 

a. For domestic audiences, the Bureau of Public Affairs (PA) publishes public 
foreign policy material and information about the State Department on 
the Internet for all bureaus and provides some publishing services for 
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selected operational entities. 

b. For audiences abroad, posts should either contract with a local Internet 
service provider, host the site internally, or work with the Coordinator, 
International Information Programs, Office of Electronic Media (IIP/T/EM), 
for other alternatives or to host the site in Washington. 

c. All offices maintaining a Web site, whether managed by that office, 
another Department office, or a contractor, will have an e-mail address 
which visitors to the office Web site can use to make comments and/or 
ask questions. The e-mail address should be generic to the office or staff 
function and not that of an individual employee or contractor. 

5 FAM 774 CLASSNET WEB SITE 
CLASSIFICATION MARKING 

(CT:IM-92; 08-01-2007) 

a. Classified, restricted distribution, and SBU material will not be displayed 
on the Internet. 

b. Classified and restricted distribution material will not be displayed on 
unclassified intranet Web sites. 

c. For classified Web sites, the requirements of E.O. 12958 concerning 
classified information "apply regardless of physical format and to all 
document types." Webmasters are responsible for ensuring that the 
following markings appear clearly on all classified Web sites. 

(1) Overall classification of the page, centered at the top and bottom of 
the page, should be indicated by a continuous vertical marking on 
the left side of the page. This marking will be tiled as the page 
scrolls and, therefore, be visible through the whole page. 

(2) Overall classification of the page should be indicated, centered at 
the top and bottom of the page. This marking will properly mark 
printed copies of the Web page. 

(3) Individual elements of the Web page (e.g., text, images, tables, 
lists, etc.) should be portion marked with the highest classification 
contained within the element as prescribed in 12 FAM 529 for 
normal printed material. 

(4) An appropriate declassification instruction should be displayed at 
the bottom of the Web page. 
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d. The <body> tag should contain the URL of the appropriate background 
for the classified Web page. 



Example 

<body background = "name_of_classified_background.gif"> 



e. An unclassified sample secret web page modeling these requirements can 
be viewed on the IRM Office of Policy and Regulations (IRM/BPC/PRG) 
Web site. Background images can be downloaded following instructions 
on the sample Web page. 



5 FAM 775 INCIDENT HANDLING 

(CT:IM-88; 05-16-2007) 

a. Web site managers, whether they perform site monitoring activities 
themselves to identify security incidents or rely on the Internet service 
provider (ISP) for these services, must be prepared to report and respond 
to incidents if they occur. All incidents should be reported to the ISSO 
and RSO and to the following teams. Site managers should: 

(1) Immediately report any suspected virus activity on any system to 
the Virus Incident Response Team (VIRT) at Virus2@state.gov. 
They should also submit the virus report, available on OpenNet, to 
the Systems Integrity Division (IRM/OPS/ITI/SI) each time a virus 
is discovered. The complete anti-virus program description is also 
available on the VIRT Web site. 

(2) Immediately report to the Computer Incident Response Team 
(CIRT) unsolicited or junk commercial e-mail ("spam"), anonymous 
e-mail, denial-of-service attacks, or suspicious attachments that 
may be sent to Department e-mail addresses, including any 
addresses associated with the Web site. The CIRT may be reached 
by e-mail at CIRT@state.gov. Should e-mail be unavailable, an 
alternate point of contact is the IRM Infocenter. 

(3) Report attempts to thwart or bypass security, whether successful or 
unsuccessful, to the CIRT. These include Web site related incidents 
such as: attempts to access and/or change Web site content, 
passwords, etc.; non-Web site related attacks such as excessive 
unauthorized logon and access attempts to the server; access 
attempts after regular local business hours; unauthorized access or 
permissions to file directories, share data and folders, or to system 
applications and operating systems; unauthorized logon screens or 
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procedures; and passwords displayed in plain text. 

b. Refer to 12 FAM 600, Information Security Technology, for Automated 
Information Systems security requirements. For additional information 
contact DS/SI/CS. 

5 FAM 776 WEB SITE DEVELOPMENT 

5 FAM 776.1 Software Applications 

(CT:IM-88; 05-16-2007) 

a. A list of recommended software applications for Web site development is 
promulgated by the Internet Steering Committee. Offices are authorized 
to procure licenses to install and use any of these applications that they 
determine are required for Web site development. Installation should be 
coordinated with the appropriate systems manager when administrative 
privilege may be required. 

b. Submit requests for additions to the recommended software list by e-mail 
to the Internet Steering Committee at 
internetsteeringcommittee@state.gov. 

5 FAM 776.2 Responsibilities for Internet Web Site 
Operators 

(CT:IM-88; 05-16-2007) 

a. Any office or mission that creates or "publishes" a public Web site is 
responsible for its content, organization, and adherence to the 
Department's standards and practices, and federal regulations. 

b. The designated editor or content manager should: 

(1) Obtain all substantive clearances of content per existing 
Department clearance procedures for release of information to the 
public (10 FAM 132 b). Those clearances may include other mission 
elements, regional or functional bureaus, Diplomatic Security, 
Public Affairs Office of Electronic Information (PA/EI), or 
International Information Programs Office (IIP). 

(2) Ensure that information published on their Web sites is current, 
relevant, and accurate. 
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(3) Maintain Department design and content standards, including a link 
to the main State Internet site. Missions abroad also should 
provide links to appropriate sections of the IIP Web site. 

(4) Coordinate information exclusively or primarily for domestic U.S. 
audiences with PA/EI. 

(5) Sites abroad should inform regional bureaus and IIP of major 
changes in content and design. 

(6) Ensure compliance with Department privacy policies for Web sites 
(i.e. privacy statements are posted and kept current, persistent 
cookies are not used without proper authorization and notice). 

5 FAM 776.3 Content 

(CT:IM-107; 06-09-2009) 

a. Domestically, Web pages must follow existing approval procedures 
regarding Department of State documents, reports, memorandums, etc. 
for public release. See Forms DS-1837, Request for Approval of New or 
Recurring Information Dissemination. The Public Affairs Office of 
Electronic Information (PA/EI) approves electronic information 
dissemination to the public. 

b. Public affairs officers shall coordinate mission Web publishing to foreign 
audiences with mission elements and the respective geographic bureau in 
Washington. All materials published to the mission Web site should be 
cleared at the mission in the same manner as they would be for paper 
distribution unless a separate clearance process is put in place at the 
mission for Web publishing. Missions are encouraged to consult with the 
International Information Programs Electronic Media Team (IIP/T/EM) 
regarding content and design. 

c. The Department must observe legal distinctions between domestic and 
international dissemination of electronic programs as required by the 
Smith-Mundt Act. 

(1) Under the Smith-Mundt Act, the Department is prohibited from 
domestically disseminating materials that have been prepared 
about the United States, its people, and its policies for 
dissemination abroad. This ban applies to public diplomacy 
programs, including the program materials created prior to the 
consolidation of the United States Information Agency (USIA) and 
the Department of State. Accordingly, this ban continues to apply 
to posting of program materials on the Internet. Program materials 
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posted on the Internet must be on the Department's international 
site only. 

(2) The Department must not distribute, advertise, or otherwise 

actively make available to persons located within the United States, 
Web pages that contain Smith-Mundt program materials. Embassy 
and mission Web sites abroad which serve both domestic and 
foreign audiences can accomplish this goal by ensuring that policy 
information for foreign audiences is clearly identified and separate 
from information and services directed primarily toward U.S. 
citizens. 

d. The following categories of information are prohibited from being posting 
on publicly accessible State Department Web sites: 

(1) Floor plans or blue prints of U.S. Government facilities, electrical, 
water, or telephone diagrams detailing routes and locations of 
existing wires or pipes or shafts. 

(2) The existence, location, types or specifications of any physical 
security device and/or missing, broken or failure of any security 
devices. 

(3) Classified and Sensitive But Unclassified (SBU) material. 

(4) Other restricted distribution material (i.e., NOFORN). 

(5) Privacy Act information (e.g., personal information relating to U.S. 
citizens, such as social security account numbers, dates of birth). 

(6) Home addresses and home or cellular telephone numbers of 
individuals. 

(7) Duty rosters or detailed organizational charts below the level of a 
domestic office or, at post, below the level of a key officer as stated 
in the Key Officers of Foreign Service Posts publication. Employee 
information below the level of a domestic office or below the key 
officer at post may be published when required by law or regulation 
or when public release has been specifically authorized. 

(8) Personal medical records. 

(9) Financial disclosure reports of U.S. Government employees. 

(10) Any information about personal legal problems. 

(11) Internal Department of State personnel rules and practices when 
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they refer to specific individuals. 

(12) Any information dealing with investigative actions concerning a 
specific person. 

(13) Action on reports of selection boards when it refers to specific 
individuals. 

(14) Labor union representation rights and duties when they refer to 
specific individuals. 

(15) Civil and/or Foreign Service examination and/or confidential 
records. 

(16) Drug abuse prevention and/or rehabilitation records. 

(17) Software or technical information that could put Department 
resources at risk, such as network diagrams or port scanners. 

e. The following categories of information are prohibited from being posted 
on publicly accessible State Department Web sites, except in cases where 
public release has been specifically authorized: 

(1) Financial records of the Department or the U.S Government 

(2) Distribution lists. 

(3) Shipping and receiving documents. 

(4) Photographs of U.S. Government individuals, except for DCM rank 
and above, or as approved for public diplomacy or public affairs 
purposes. 

(5) Biographies of U.S. Government employees except for DCM rank or 
equivalent and above or as required by law or approved for public 
diplomacy or public affairs purposes. 

(6) Pictures of U.S. Government facilities, including, and of particular 
concern, the display of security countermeasures. A mission, 
however, may carry an official photograph of the embassy or 
chancery building. 

(7) Job titles and/or descriptions of U.S. Government personnel, except 
as stated in the Key Officers of Foreign Service Posts publication or 
when required by law or regulation. 

(8) Information identifying employees of other agencies, except when 
authorized. 
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(9) Travel itineraries of individuals or groups, including ambassadorial 
schedules, prior to the event unless previously released to the 
media or otherwise authorized as part of a public diplomacy or 
public affairs function. 

f. Posting any of the following is prohibited: 

(1) Offensive or harassing material; 

(2) Abusive or objectionable language; 

(3) Misrepresentations of the Department; or 

(4) Personal and/or commercial advertising. 

g. Web site editors and content managers are responsible to ensure that 
their Web site does not endorse or indicate preferential treatment for any 
product. No payment or reimbursement of any kind shall be accepted in 
exchange for links on an official State Department Web site. 

h. The English language will be used throughout all U.S. domestic Web 
pages on the Internet and on all intranet pages regardless of audience. 
Foreign language translations of documents may be included with the 
English original, if required, to meet the purpose of the Web site. 

i. Posts have a foreign and domestic audience since the U.S. public is a key 
user of their sites. Post Web sites should, therefore, have text available 
in English in addition to any other language for all official policy 
statements, and for the types of information defined in section 1461 (a) 
of the Smith-Mundt Act, as follows: "information about the United States, 
its people, and its policies disseminated through press, publications, 
radio, motion pictures, and other information media, and through 
information centers to be available, on request, in the English language at 
the Department of State, at all reasonable times following its release as 
information abroad, for examination only by representatives of United 
States press associations, newspapers, magazines, radio systems, and 
stations, and by research students and scholars..." 

j. Material pertinent to internal Department operations or procedures should 
be posted on the intranet, not to public Internet sites. Due to FOIA 
requirements, some administrative materials, manuals, and instructions 
must be posted publicly. The FAM, FAH, and other policies that may 
affect the public are part of this requirement. Contact A/GIS/IPS for 
guidance prior to posting internal Department documents. 

k. Web sites should be tested using several popular browsers to ensure 
faultless accessibility to everyone. State Department Web sites shall not 
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require or encourage users to choose any specific browser. 

I. Graphics or logos depicting companies and/or products may be displayed 
on the home page when they indicate compliance with a standard such as 
"Bobby Approved" for Section 508 of the Rehabilitation Act and "VeriSign" 
for encryption, or when they are commonly accepted utility applications 
such as Adobe Acrobat which may be necessary for the user to access the 
Web site content. 

Graphics or logos depicting non-commercial organizations may be used in 
conjunction with appropriate text to identify links to resources. This 
practice should be confined to a separate page labeled "References" or 
"Links" or some similar title. Generally all other uses of 
companies/product logos should not appear on the State Department's 
Internet or intranet Web sites. 

m.The use of commercial endorsements, sponsorships, or similar items 
should be discussed with PA/EI or IIP. If necessary, those offices will 
clear such requests with the Office of the Legal Adviser. 

n. Exercise caution when using informal "surveys" or forms. If you are 
asking the public for information, be aware of the requirements of the 
Paperwork Reduction Act of 1995 (PRA). The PRA does not differentiate 
between information collection domestically or abroad, or between U.S. 
citizens and foreigners. The PRA requires that all information collection 
requests (a request for information from 10 or more persons), with minor 
exceptions, must be cleared by the Office of Management and Budget 
(OMB) and display an OMB control number prior to issuance. A request 
to send feedback on the site to the webmaster is exempt. Contact the 
Directives Management staff in A/GIS/DIR for further assistance and 
authorization concerning the PRA, information collections, and OMB 
clearance. 

o. All sites should link to the disclaimer page. Additional disclaimers may be 
added, as appropriate. If your office cannot link to this U.S. site, your 
office should post similar disclaimers derived from those contained on this 
site. The Office of the Legal Adviser (L/EMP) should be included in the 
review of notices and disclaimers. Service agreements with external 
Internet service providers (ISP) must state that the ISP will not sell lists 
of users who access the Department site to any other person or entity, 
which would be a violation of the Privacy Act. 

p. References to Web contractors or hosting services should not appear on 
the homepage. If applicable, the Web site should include a separate page 
labeled "Credits" or "About This Site" which provides information about 
Web contractors, and other commercial or technical support for the Web 
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site. 

q. Copyrighted information should be used only in accordance with current 
copyright laws that in most cases require permission from the copyright 
owner. Refer to 5 FAM 480, Use of Copyrighted Material, for specific 
policy regarding copyrighted information. 

5 FAM 776.4 Design Standards for People With 
Disabilities 

(TL :IM-88; 01-09-2004) 

a. All State Department Web sites must be accessible to the disabled as 
defined in Section 508 of the Rehabilitation Act as amended in 1998. 
Web site editors and content managers are responsible for ensuring that 
their Web sites are tested with one or more of the recommended tools 
and corrections made to achieve an acceptable access level. The IRM 
Business Center (IRM/BPC/CST/BC) maintains the IMPACT intranet site, 
including resources to evaluate Web site compliance with Section 508. 
Other resources include the Justice Department Section 508 Web site; the 
Architectural and Transportation Barriers Compliance Board; and the 
Federal IT Accessibility Initiative. 

b. Contact L/EMP and the IRM IMPACT Office, SECTION508@state.gov, for 
advice and assistance on disability issues. 

5 FAM 777 ONLINE COLLABORATION 

(CT:IM-88; 05-16-2007) 

Online tools, such as blogs, wikis, and collaboration software, are important 
means for collaboration and information sharing within the Department and 
with other foreign affairs, homeland security, and national security 
organizations. Follow these guidelines when using these tools: 

(1) Department online collaboration tools are for official use by 
authorized personnel. 

(2) Information in the online sites is Departmental, not personal. 

(3) Record management, security, clearance, freedom of information, 
and other relevant rules governing appropriate operation and use of 
Department Web sites, electronic documents, and other information 
apply to online collaboration tools. 
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(4) Contributors must keep their language, conduct, and contributions 
professional, civil, and to the point. 

(5) Offices hosting blogs and wikis are ultimately responsible for the 
content. The moderator(s)/administrator(s) of a blog should review 
newly posted material at least every business day. The 
organization hosting a wiki must establish a governance process to 
review and take action on disputed or inappropriate material. After 
the hosting organization determines material to be inappropriate, it 
must remove the material within one business day. 

(6) Employees, acting in their private capacity, may establish personal 
blogs, wikis, or any other collaborative forum; however, the 
provisions of 3 FAM 4172.1-3 must be followed. Any posting to a 
wiki or blog that contains information "of official concern" to the 
Department must be cleared through PA (for domestic employees) 
or Chief of Mission (for employees serving abroad), unless being 
referenced from existing publicly available information. No 
employee shall accept compensation from any source other than 
the United States Government for writing that relates to the 
employee's official duties. 

(7) As is the case with public Web sites (5 FAM 776.3), public online 
collaboration forums, whether official or personal, should not 
include discussions of internal Department policy, procedures, 
personally identifiable information about Department employees, 
financial information, etc. Additionally, public forums should not 
contain links to Department intranet sites. 



5 FAM 778 THROUGH 779 UNASSIGNED 
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